Businesses are increasingly turning to WordPress to share their content on the Web, but despite WordPress itself being generally secure, the plug-ins that provide useful features for end users and website providers can introduce security vulnerabilities.
In this month’s SearchSecurity.com screencast, expert penetration tester Mike McLaughlin of First Base Technologies demonstrates how to use WPScan, a tool that exposes security vulnerabilities in WordPress plug-ins. He provides a link to download WPScan, walks through WPScan’s features, and shows how simple it is to assess a site's WordPress plug-in security. From SQL injection vulnerabilities to brute-force attacks on passwords, WPScan can help secure WordPress plug-ins quickly and easily.
About the author:
Mike McLaughlin is a penetration tester working for First Base Technologies, an information security consultancy in the UK. Mike's daily work consists of both internal and external network based penetration testing, Web application penetration testing, and social engineering.